Skip to content
Kordu Tools
Network & IP Runs in browser Updated 30 Mar 2026

SSL Certificate Checker

Check SSL/TLS certificate validity, issuer, expiry, and SANs for any domain via Certificate Transparency logs.

Loading rating…

How to use SSL Certificate Checker

  1. Enter a domain

    Type the domain you want to check — for example, example.com. Do not include https:// or the path.

  2. Run the check

    Click the Check SSL button or press Enter to query Certificate Transparency logs via crt.sh.

  3. Review certificate details

    See the issuer, validity dates, days remaining until expiry, and a color-coded status badge: green (valid), amber (expiring soon), red (expired).

  4. Check Subject Alternative Names

    Expand the SANs list to see all hostnames and subdomains covered by the certificate.

SSL Certificate Checker FAQ

Where does the certificate data come from?
Data is sourced from Certificate Transparency (CT) logs via crt.sh — a public, append-only record of all certificates issued by publicly trusted certificate authorities.

Why might the certificate shown differ from my browser's?
CT logs contain all issued certificates, including older ones. The tool shows the most recently issued valid certificate, which may differ from the exact leaf certificate your browser negotiates during a TLS handshake.

What does 'Expiring Soon' mean?
Certificates with fewer than 30 days remaining are flagged as Expiring Soon with an amber badge, giving you time to renew before expiry.

Is this tool private?
The only external request is to crt.sh, which queries public Certificate Transparency logs. No personal data is sent or stored.

What is a Subject Alternative Name (SAN)?
SANs list all hostnames the certificate is valid for. A single certificate may cover multiple subdomains or domains — for example, example.com and www.example.com.

What is the difference between DV, OV, and EV certificates?
DV (Domain Validation) only verifies domain control — used by Let's Encrypt. OV (Organisation Validation) verifies the company identity. EV (Extended Validation) undergoes strict vetting and used to show a green bar in browsers.

How often do SSL certificates need to be renewed?
Most certificates are valid for 90 days (Let's Encrypt) or up to 1 year (commercial CAs). Set a renewal reminder well before the expiry date shown in this tool.

Can this tool check self-signed certificates?
No. Self-signed certificates are not submitted to Certificate Transparency logs, so they will not appear in crt.sh results.

Does this check the live TLS connection?
No — it queries CT log records, not the live server. To verify the active TLS handshake and cipher suite, use your browser's DevTools or an OpenSSL command.

Background

Check the SSL/TLS certificate health for any domain in seconds. This tool queries Certificate Transparency logs via crt.sh to find the most recently issued valid certificate and displays: subject common name, issuer (e.g. Let's Encrypt, DigiCert, Sectigo), validity dates, days remaining until expiry, serial number, and all Subject Alternative Names (SANs).

Status is color-coded: green (valid), amber (expiring within 30 days), red (expired). Use it to monitor certificate health, verify issuers, audit wildcard coverage, and catch misconfigured or expired certs before users do.

Who is this for: webmasters verifying HTTPS is correctly configured, IT teams monitoring certificate renewal cycles, developers checking staging domains, security engineers auditing third-party services, and anyone who wants to inspect a certificate without opening browser DevTools.

Related tools

DNS Lookup

Query all DNS record types for any domain — A, AAAA, MX, TXT, CNAME, NS, SOA, CAA — via Cloudflare DoH.

WHOIS Lookup

Look up domain registration details — registrar, creation/expiry dates, nameservers, and DNSSEC — via RDAP.

MX Lookup

Look up MX records for any domain — mail server priority, IP addresses, and email provider detection.

SPF Record Checker

Look up and validate SPF records — parse mechanisms, detect misconfigurations, and check email authentication.

Learn more

network

SSL/TLS Explained: How HTTPS Actually Works

How TLS handshakes, certificate chains, and HTTPS encryption work step by step. TLS 1.3 cuts handshakes to 1 round trip, down from 2 in TLS 1.2.